Re: Sequoia code exposed like Diebold was

[Christian Rudolph <reindeer@xxxxxxxxxx>]

Evan,

Thank you for posting a link to the article.
I urge others to read this short piece.

To all,
Does anyone know where the source code can be obtained?
I speak VBScript, if a bit rusty.

I learned from this article that the Sequoia presenters seem to have misinformed us.
They stated in very strong terms that they did not use Windows in any form.
So what is WinEDS?      http://www.tsi.com.au/brochure.htm


"And because WINEDS®  fully conforms to the Windows TM 2000 and XP Professional user interface,
it will look right at home along side your favorite Windows Desktop Applications Suite."


http://www.wired.com/news/privacy/0,1848,61014,00.html
========================================================================================
"Neumann said this points to the necessity for using only voting machines that provide a voter-verifiable paper trail. 

"The idea of looking at source code to find problems is inherently unsatisfactory," he said. "You need to use a machine with accountability and an audit trail." 

The source who discovered the unprotected server containing the Sequoia system code said the files include Visual Basic script, which is uncompiled script that can be changed very quickly and easily. 

"You can swap out a file and plant a Trojan Horse in this," he said. "There's also SQL code in there that sets up a database. The SQL gives you details about the database that you can use to alter the contents of the database." 

The companies making electronic voting systems long have said that their systems are proprietary and their code needs to remain secret in order for the systems to be secure. 

Cindy Cohn, an attorney at the Electronic Frontier Foundation, said information gained from the discovery of the Diebold and Sequoia codes indicates the exact opposite. 

"Our society and our democracy is better served by open voting systems," she said. "The way to create a more secure system is to open the source code and to have as many people as possible try to break into the system and figure out all the holes. The clearest way to have an insecure system is to lock it up and show it to only a few people." 

Cohn said her organization is trying to convince election officials and companies to make their systems more secure. "That doesn't seem to be happening," she added. "So I have a lot of admiration for these people who are taking it upon themselves to try to figure out whether these machines are secure. I think we are all better off because of researchers who are taking the time to say the emperor doesn't have any clothes." 

Rubin said the focus shouldn't be on keeping systems secret but on creating systems that are more secure so they can't be easily exploited or rigged for fraud. 

"This argument that everything needs to be kept secret is not viable because the stuff does get out whether companies intend it or not," he said. "Now two out of the three top companies have leaked their system. 

"Scientists are being made to feel afraid to look at these things, which in the end will be bad for our society. Why shouldn't everyone want scientists to look? If there's any feeling that there may actually be danger to our elections, how can we not be encouraging researchers to look at our systems?" Rubin said. "
================================================================







On Sunday, November 2, 2003, at 03:14  PM, Evan Daniel Ravitz wrote:

> Apparently this means that Sequoia left some of their vote-counting
> software on-line so unprotected that anyone could change it at will!
> This is what got Diebold in trouble (among other things).
>
> http://www.wired.com/news/privacy/0,1848,61014,00.html
>
> Evan
>
> ----------------------------------------------
> Evan Ravitz     303 440 6838     evan@xxxxxxxx
> Vote for the National Initiative! www.vote.org
> Photo Adventures:          www.vote.org/photos